0.1.1 • Published 12 years ago

connect-ensure-login v0.1.1

Weekly downloads
29,164
License
-
Repository
github
Last release
12 years ago

connect-ensure-login

This middleware ensures that a user is logged in. If a request is received that is unauthenticated, the request will be redirected to a login page. The URL will be saved in the session, so the user can be conveniently returned to the page that was originally requested.

Install

$ npm install connect-ensure-login

Usage

Ensure Authentication

In this example, an application has a settings page where preferences can be configured. A user must be logged in before accessing this page.

app.get('/settings',
  ensureLoggedIn('/login'),
  function(req, res) {
    res.render('settings', { user: req.user });
  });

If a user is not logged in when attempting to access this page, the request will be redirected to /login and the original request URL (/settings) will be saved to the session at req.session.returnTo.

Log In and Return To

This middleware integrates seamlessly with Passport. Simply mount Passport's authenticate() middleware at the login route.

app.get('/login', function(req, res) {
  res.render('login');
});

app.post('/login', passport.authenticate('local', { successReturnToOrRedirect: '/', failureRedirect: '/login' }));

Upon log in, Passport will notice the returnTo URL saved in the session and redirect the user back to /settings.

Step By Step

If the user is not logged in, the sequence of requests and responses that take place during this process can be confusing. Here is a step-by-step overview of what happens:

  1. User navigates to GET /settings
    • Middleware sets session.returnTo to /settings
    • Middleware redirects to /login
  2. User's browser follows redirect to GET /login
    • Application renders a login form (or, alternatively, offers SSO)
  3. User submits credentials to POST /login
    • Application verifies credentials
    • Passport reads session.returnTo and redirects to /settings
  4. User's browser follows redirect to GET /settings
    • Now authenticated, application renders settings page

Tests

$ npm install --dev
$ make test

Build Status

Credits

License

The MIT License

Copyright (c) 2012-2013 Jared Hanson [http://jaredhanson.net/](http://jaredhanson.net/)

composer-rest-serverhadith-appnodehalnando-auth@md-app/loopback-component-oauth2-serverbookipi-serverfivema-facebookmeen-cmsnodebb-plugin-chat-monitormyurlthing-it-server@everything-registry/sub-chunk-1372taller-abmt-oauth2-providerteeny-express-serversublime-oauth2sycle-component-oauth2@bluecube/gatewayjupyter-dashboards-serverstayindstrong-gateway@akala/authentication@akala-modules/authentication@aytacworld/express-oauth@aestheticbookshelf/oauth@blinkk/filesetyaeyoumen-idmyourlocalcousinweblab-skeletonwebshell-serverxtuple@gamesolutionslab/server_authentication@liveramp/oidc-middleware@liranbri/oidc-middleware@madbean/authentication@exothermic/lib-auth0@exothermic/server-express@jchpro/web-app-auth-local@restmatic/authenticationmujimoauth2mongoose-talkablemilibromyoauth2mystreamservernayrationoneauthokta-oidc-middlewareokta-oidc-middleware-without-aamoauth-gitlaboada-ref-authpassport-lately-sampleschejulekueserver-oauth2rp2rtsp-samsung-tvpushgeek-web-push-servicesnodebbnodedatanodedata_sgpmax-gatewaypunchcard-cmspuremvc-expressrapid_expressproyecto-sytw-alex-moirm3smartthings-phevctlsmolsmolpressgitbook-start-heroku-p7-josue-nayragitbook-start-heroku-token-oauth-alex-moigitbook-start-heroku-token-oauth-noejaco17gitbook-start-https-alex-moigitbook-start-https-noejacogitbook-start-iaas-bbdd-alex-moigitbook-start-mongo-noejacogitbook-start-team-noejaco2017-4.0gitbook-start-plugin-general-noejaco17gitbook-start-plugin-heroku-ericlucastaniagitbook-start-proyectofinal-noejacogitbook-start-proyectofinal-noejaco17gitbook-start-heroku-P8-josue-nayragitbook-start-heroku-P9-josue-nayragitbook-start-heroku-josue-nayragitbook-start-heroku-localstrategy-alex-moigitbook-start-heroku-localstrategy-noejaco17gpii-universalimmershypervault-rest-serverheight-power-gatewayhackathon-starter-kitlims-oauth2loopback-component-oauth2loopback-component-oauth2-servermachi-authloopback-oauth2orizemailprobekyso-cloud-dashboardkrb-web-form
0.1.1

12 years ago

0.1.0

13 years ago